Trust and Security
We keep you in control
We have earned the trust of global enterprises through our commitment to providing a secure, highly-available platform and products that prioritize data privacy and protection. We comply with international, national, state, and local requirements for data privacy and security.
Data privacy protections that expand control
Ontic provides clients with substantial control over what data is ingested, stored, and accessible in our platform. Our platform and products not only provide extensive data protections, but they also extend the controls for clients through our permissions configurability.
- Clients choose which data sources to connect and have a consolidated picture of where, when, and why each data source is being used.
- Client administrators have sole control over all data and processes, including granular access controls for who has access to what data and what data may be stored in the platform.
- Audit trails are generated for all user activity within the Ontic Platform, providing a level of visibility most organizations lack in their security operations.
- Ontic employees do not have access to client data unless clients provide access, and all client data is automatically hard deleted 30 days after the end of a contract.
- Ontic is a “data processor” or “service provider” to its clients and has taken steps to comply with all applicable data privacy laws. You can read our Data Processing Addendum here.
- Ontic and its third-party data providers do not have a direct relationship with data subjects. That said, as part of our compliance with data privacy laws, we provide data subjects mechanisms to opt out, as described in our Privacy Policy.
Security built to support global enterprises
Our platform and related products are designed from the ground up to provide robust data protection and application security. We work with the largest organizations in the world with demanding security requirements. We employ data security best practices, including:
- Each client has a dedicated database in the cloud accessible only to its designated users.
- All data accessed or stored in the Ontic Platform is encrypted both in transit and at rest.
- We successfully pass a SOC 2 audit every year and make that report available to clients.
- All Ontic employees undergo background checks and are required to complete annual Data Security and Data Privacy Awareness Training.
Interested in some more detail, like what encryption levels we use?
Compliance with global, national, state, and company regulations
Ontic sets a new standard by offering clients not just compliance with key regulations, but by delivering unparalleled levels of governance and auditability. With Ontic in place, organizations immediately surpass the limitations of traditional workflows utilized by security teams employing notebooks, emails, spreadsheets, and disconnected point tools.
It's what we call Connected Intelligence.
Ontic helps organizations stay compliant with the fast-paced data privacy and cybersecurity landscape, including:
- Ontic complies with all applicable laws and regulations relating to the collecting, processing, and storing of personally identifiable information and other sensitive data.
- Ontic has successfully passed an annual HIPAA audit.
- Ontic is able to interconnect with national agencies where required.
- Ontic actively monitors national and local laws and restricts access to certain services and/or data where state laws or regulations have prohibited such activity.
- As most of our clients are headquartered or based in the U.S., we store data solely in the U.S. by default. Not located in the U.S.? We work with our non-U.S. clients to store their data in a mutually agreeable alternative jurisdiction. See our Privacy Policy for more information.
